Use the Right Tool for the Right Job
I’ll be the first to call anybody who refuses to run antivirus on Microsoft Windows a fool. Microsoft Windows just isn’t built the same way as Linux, and being careful on Windows isn’t enough to prevent malware. Linux is different, and the types of threats faced by Linux users aren’t thwarted by an antivirus suite. Proper practices when using Linux will give you enough protection. Of course technology changes and this may not always be true, but at the time of this writing it is.
Malware as it Relates to Linux
Somebody will always chime in with zero-day attacks and other vulnerabilities, but those are hacking topics, not really malware topics, and an antivirus won’t protect you from them to begin with. When it comes to Linux malware, there simply is not very much of it. Linux on the desktop doesn’t have the big red target on it that Microsoft Windows does: it isn’t as widely used on personal computers as Windows is, and the criminals using malware to their advantage prefer to cast a wide net by targeting Windows users. Linux web servers may be attacked by people who want to use vulnerabilities to spread malware to unwitting Windows visitors, but even then Windows is the target rather than Linux.
Linux, when used in a corporate or government environment or as a popular web server, may be a target for hackers, but generally speaking Windows is the target of malware. Linux servers are often used as a carrier, but they aren’t the target of the infection.
Geeks love to argue about why Linux isn’t targeted. Some say it is security and others cite scarcity; I tend to think there are valid pieces in both arguments. Whatever you choose to believe, the fact is that there isn’t enough malware out there to justify a home user installing an antivirus suite on a Linux distribution.
There are a few antivirus suites for Linux. Unless you run a file server or a web server, don’t waste your time installing one, and if you do run such a server you would still be scanning for Windows malware anyway. If you are really paranoid, or have a need to scan a Windows partition or a Wine directory from Linux, ClamAV should suffice. ClamAV isn’t a real-time scanner; it is an on-demand scanner, and it should be enough to ease your mind. A real-time scanner is just a waste on a Linux desktop PC that doesn’t act as a file server.
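An on-demand ClamAV scan of a Windows partition or a Wine prefix, as an added example that is not part of the original article. The exit codes 3 and 4 are this script’s own convention; 0, 1 and 2 are passed through from clamscan itself (clean, infected, error). Scan the prefix’s drive_c rather than the whole ~/.wine directory: ~/.wine/dosdevices/z: is a symlink to /, and scanning it would cover the entire filesystem.

```shell
#!/bin/sh
# Added example (not from the original article): one-shot ClamAV scan of a
# directory such as a mounted Windows partition or a Wine prefix's drive_c.
# Run `freshclam` beforehand so the signature database is current; a stale
# database is the usual reason an on-demand scan misses something.

# Scan one directory recursively, printing only the infected files.
# $1: directory to scan, e.g. /mnt/windows or ~/.wine/drive_c
# Returns: clamscan's own status (0 clean, 1 infected, 2 error),
#          3 if the directory does not exist, 4 if clamscan is not installed
#          (3 and 4 are this script's convention, an assumption).
clam_scan_dir() {
    _target="$1"
    if [ ! -d "$_target" ]; then
        echo "no such directory: $_target" >&2
        return 3
    fi
    if ! command -v clamscan >/dev/null 2>&1; then
        echo "clamscan is not installed (install the clamav package)" >&2
        return 4
    fi
    # --recursive walks the tree, --infected prints only hits instead of
    # one OK line per file.
    clamscan --recursive --infected "$_target"
}

# Usage: sh scan.sh ~/.wine/drive_c
if [ $# -gt 0 ]; then
    clam_scan_dir "$1"
fi
```

Because this is an on-demand scan, nothing is inspected until you run it; schedule it from cron if you want it to happen regularly, but nothing here watches files as they are written the way a real-time scanner on Windows does.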
The Security Argument
When speaking strictly of malware, you are about as safe on Linux as you would be on Windows with a decent antivirus installed. For malware to infect a computer running Linux it needs write access to the files it wants to change. On a properly configured Linux installation, most software runs from an unprivileged user account, not from root or an account with open administrative access to system files and folders. Simply put, the user account can run software that is already installed, but malware would need root access to install itself system-wide and modify the system in most cases.
Distributions like Ubuntu and its derivatives install with the root account locked and require the use of sudo to do anything that needs administrative access. The user is prompted for a password before a program can modify the system. Even if malware did manage to get installed, it would have a heck of a time doing anything to the system itself. There is more to the argument, like the way network services are exposed, the kernel’s permission model, and most of the software being open source, but I won’t detail any of that here. Suffice it to say that malware has an uphill battle on a Linux PC that just isn’t present on Windows to begin with.
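The write-access argument above turns into a quick check you can run from your normal account, as an added example that is not part of the original article: list the places an unprivileged user can write to that get executed later. On a properly configured system no system directory on PATH should appear; the entries under your home directory are the places where malware that never obtains root could still persist as you. The list of per-user startup locations is a constructed one and assumes a Bourne-style shell and a freedesktop-style desktop.

```shell
#!/bin/sh
# Added example (not from the original article): audit which executable
# locations the current, unprivileged account can write to.

# Print each PATH entry that the current user can write to.
# $1: a colon-separated PATH-style list (defaults to $PATH).
writable_path_entries() {
    _list="${1:-$PATH}"
    _old_ifs="$IFS"
    IFS=':'
    for _dir in $_list; do
        [ -n "$_dir" ] || _dir="."          # an empty PATH entry means "."
        if [ -d "$_dir" ] && [ -w "$_dir" ]; then
            printf '%s\n' "$_dir"
        fi
    done
    IFS="$_old_ifs"
}

# Print per-user startup locations that exist and are writable by this user.
# These run or are executed from on login/shell start, so a process running
# as the user can plant itself there without root.
# $1: home directory to inspect (defaults to $HOME).
# The list is constructed for this example; extend it for your shell/desktop.
user_persistence_points() {
    _home="${1:-$HOME}"
    for _f in "$_home/.bashrc" "$_home/.profile" "$_home/.bash_profile" \
              "$_home/.config/autostart" "$_home/.config/systemd/user" \
              "$_home/.local/bin"; do
        if [ -e "$_f" ] && [ -w "$_f" ]; then
            printf '%s\n' "$_f"
        fi
    done
}

echo "Writable PATH entries (system directories should not be listed):"
writable_path_entries
echo "Writable per-user startup locations:"
user_persistence_points
```

If a directory such as /usr/local/bin shows up in the first list while you are running as a normal user, fix its permissions: anything you run from PATH could be replaced by a process running as you, which is exactly the write access the argument above says malware should not have.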
Linux may not be a target in the way Windows is. It may very well be more secure by design, but it can still be compromised. Malware for Linux does exist; it may be rare by comparison, but it is out there, and you should remain aware of that. The best thing to do is practice “Intelligent Computing”, just as you should in a Windows environment. The main difference is that Windows requires the use of antivirus and Linux doesn’t (yet). A properly configured system will go a long way. Don’t log in as root unless you absolutely have to; run from a normal-privilege account and use sudo instead. Never run a web browser with elevated privileges. Get software from trusted sources like your distribution’s repositories. Don’t download suspicious files, run software that isn’t patched, visit insecure websites, or use plug-ins like Java or Flash in your web browser. As you know if you have read my previous articles, I don’t advocate the existence of Flash, let alone its use as a plug-in. Keep in mind that if you don’t take basic steps to protect yourself, you can be compromised on any operating system.